Published: 2021-03-10 11:00:41  Source: 雨林木风系统下载  Author: 程序猿VB姐
As shown in Figure 2.
3. A disk check window pops up; in the 雨林木风 Win10 Ultimate system, tick "Automatically fix file system errors" and "Scan for and attempt recovery of bad sectors", then click "Start".
2. The dust has been cleaned out, but some CPUs still run fairly hot; you can try re-applying thermal paste.
3. Finally, for turning the relevant system messages on or off, you can customise here which notifications should be enabled and turn off the unnecessary ones.
Features
Built-in SMB authentication server. Supported range: Windows 95 to Server 2012 RC, Samba and Mac OSX Lion. This feature is enabled by default and can be used to capture hashes for use in SMB relay attacks.
Built-in MSSQL authentication server. On machines running a Windows version newer than Windows Vista, use the -r option to redirect MSSQL authentication to this tool. Successfully tested on Windows SQL Server 2005 & 2008.
Built-in HTTP authentication server. On machines running a Windows version newer than Windows Vista, use the -r option to redirect HTTP authentication to this tool. Successfully tested on IE 6 to IE 10, Firefox, Chrome and Safari.
Built-in HTTPS authentication server. On machines running a Windows version newer than Windows Vista, use the -r option to redirect HTTPS authentication to this tool. The certs/ directory contains two default certificates.
Built-in LDAP authentication server. On machines running a Windows version newer than Windows Vista, use the -r option to redirect LDAP authentication to this tool.
Built-in FTP, POP3, IMAP and SMTP servers for collecting clear-text credentials.
Built-in DNS server. Answers type A queries; combined with an ARP spoofing attack it is very powerful.
Built-in WPAD proxy server. This module captures packets on the network, finds IE browsers that have Auto-detect settings enabled, and injects a PAC script into them; see Responder.conf for details.
Browser Listener: finds the primary domain controller in stealth mode.
Fingerprint module: enabled with the -f flag; it automatically fingerprints hosts that issued LLMNR/NBT-NS queries.
ICMP redirect module: python tools/Icmp-Redirect.py performs a man-in-the-middle attack against Windows XP/2003 and earlier domain members; usually used together with the DNS server module.
Rogue DHCP
Analyze mode: in this mode you can see NBT-NS, BROWSER, LLMNR and DNS requests as they really are, without any poisoning. At the same time it passively maps the internal network topology and shows whether an ICMP redirect attack is possible.
SMBRelay module: executes a command we define using the credentials of a specific user.
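The feature list above turns on the LLMNR/NBT-NS behaviour that a poisoner relies on: any host that answers a name query that nobody should be able to answer. From the defender's side, the cheapest check for such a listener is to send an LLMNR query for a name that does not exist and flag any answer. The script below is an added example written for this page, not Responder's own code or part of its tools/ directory; it builds the LLMNR wire format (the DNS-style header and question used by the protocol), parses answers with optional name compression, and reports the IPs that any responder handed back. The spoofed answer used by the offline test is constructed here (`build_llmnr_answer`), the `probe` function that actually sends to the multicast group is an assumption about how you would deploy the check, and the `canary-` name prefix is arbitrary.

```python
import random
import socket
import struct

LLMNR_GROUP = "224.0.0.252"   # LLMNR IPv4 multicast group
LLMNR_PORT = 5355
QTYPE_A = 1
QCLASS_IN = 1


def encode_name(name: str) -> bytes:
    """Encode a hostname as DNS-style labels (no compression in the question)."""
    out = b""
    for label in name.strip(".").split("."):
        raw = label.encode("ascii")
        if not 0 < len(raw) < 64:
            raise ValueError("label length must be 1..63")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def build_llmnr_query(name: str, txid: int) -> bytes:
    """LLMNR query: 12-byte header (id, flags=0, qdcount=1), one A/IN question."""
    header = struct.pack("!HHHHHH", txid, 0, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE_A, QCLASS_IN)


def decode_name(data: bytes, offset: int):
    """Decode a name that may use 0xC0xx compression pointers; return (name, end offset)."""
    labels, jumped, end, hops = [], False, offset, 0
    while True:
        length = data[offset]
        if length & 0xC0 == 0xC0:                   # pointer to an earlier name
            hops += 1
            if hops > 10:
                raise ValueError("compression pointer loop")
            pointer = struct.unpack("!H", data[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2
            jumped, offset = True, pointer
            continue
        offset += 1
        if length == 0:
            if not jumped:
                end = offset
            break
        labels.append(data[offset:offset + length].decode("ascii"))
        offset += length
    return ".".join(labels), end


def parse_llmnr_response(data: bytes):
    """Return (txid, question name, [A-record IPs]) from an LLMNR response."""
    txid, flags, qd, an, _, _ = struct.unpack("!HHHHHH", data[:12])
    if not flags & 0x8000:
        raise ValueError("not a response (QR bit clear)")
    offset, qname, answers = 12, None, []
    for _ in range(qd):
        qname, offset = decode_name(data, offset)
        offset += 4                                 # skip QTYPE + QCLASS
    for _ in range(an):
        _, offset = decode_name(data, offset)
        rtype, rclass, _ttl, rdlen = struct.unpack("!HHIH", data[offset:offset + 10])
        offset += 10
        rdata = data[offset:offset + rdlen]
        offset += rdlen
        if rtype == QTYPE_A and rclass == QCLASS_IN and rdlen == 4:
            answers.append(socket.inet_ntoa(rdata))
    return txid, qname, answers


def is_poisoned(query_name: str, txid: int, response: bytes):
    """A never-registered name must get no answer; any A record that matches our
    transaction id and question is evidence of a poisoner. Returns the IPs offered."""
    try:
        rid, qname, answers = parse_llmnr_response(response)
    except (ValueError, IndexError, struct.error):
        return []
    if rid != txid or (qname or "").lower() != query_name.lower():
        return []
    return answers


def build_llmnr_answer(query: bytes, ip: str) -> bytes:
    """Constructed test data: forge the spoofed answer a poisoner would return
    (question copied, one A record pointing at the poisoner's IP)."""
    txid = struct.unpack("!H", query[:2])[0]
    header = struct.pack("!HHHHHH", txid, 0x8000, 1, 1, 0, 0)
    rr = b"\xC0\x0C" + struct.pack("!HHIH", QTYPE_A, QCLASS_IN, 30, 4) + socket.inet_aton(ip)
    return header + query[12:] + rr


def probe(timeout: float = 2.0):
    """Assumed deployment: query a random canary name on the LAN and collect every
    (source address, offered IP) pair. Needs a network; not run by the offline test."""
    name = "canary-%06x" % random.getrandbits(24)
    txid = random.getrandbits(16)
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.settimeout(timeout)
    hits = []
    try:
        sock.sendto(build_llmnr_query(name, txid), (LLMNR_GROUP, LLMNR_PORT))
        while True:
            data, (src, _) = sock.recvfrom(4096)
            hits.extend((src, ip) for ip in is_poisoned(name, txid, data))
    except socket.timeout:
        pass
    finally:
        sock.close()
    return name, hits


if __name__ == "__main__":
    canary, hits = probe()
    print("no answer for %s (clean)" % canary if not hits else "LLMNR answers for %s: %s" % (canary, hits))
```

Run it from a host on the segment you want to check; an empty result is the expected outcome on a healthy LAN, and every hit names the address that answered a name it could not legitimately own. The same parser can be pointed at a pcap of port 5355 traffic to review answers after the fact.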
Logging
Every hash it captures is printed to standard output and is also stored in a file named in the following format:
(MODULE_NAME)-(HASH_TYPE)-(CLIENT_IP).txt
Log files live in the logs/ directory. All activity is recorded in Responder-Session.log; analyze-mode logs are saved to Analyze-Session.log and poisoning-mode logs to Poisoners-Session.log. In addition, every captured hash is stored in the SQLite database configured in Responder.conf.
Options
--version show program's version number and exit
-h, --help show this help message and exit
-A, --analyze Analyze mode. This option allows you to see NBT-NS,
BROWSER, LLMNR requests without responding.
-I eth0, --interface=eth0
Network interface to use
-b, --basic Return a Basic HTTP authentication. Default: NTLM
-r, --wredir Enable answers for netbios wredir suffix queries.
Answering to wredir will likely break stuff on the
network. Default: False
-d, --NBTNSdomain Enable answers for netbios domain suffix queries.
Answering to domain suffixes will likely break stuff
on the network. Default: False
-f, --fingerprint This option allows you to fingerprint a host that
issued an NBT-NS or LLMNR query.
-w, --wpad Start the WPAD rogue proxy server. Default value is
False
-u UPSTREAM_PROXY, --upstream-proxy=UPSTREAM_PROXY
Upstream HTTP proxy used by the rogue WPAD Proxy for
outgoing requests (format: host:port)
-F, --ForceWpadAuth Force NTLM/Basic authentication on wpad.dat file